Automatically generate random secrets for the redis password and django secret
This commit is contained in:
parent
215217bd8c
commit
094a76b647
3 changed files with 17 additions and 6 deletions
|
@ -11,7 +11,7 @@ postgres://{{ .Values.database.user}}:{{ .Values.database.password }}@{{ .Values
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "funkwhale.redisUrl" -}}
|
{{- define "funkwhale.redisUrl" -}}
|
||||||
redis://:{{ .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0
|
redis://:{{ default uuidv4 .Values.redis.password }}@{{ .Values.redis.host | default (printf "%s-%s" (include "funkwhale.fullname" .) "redis-master") }}:{{ .Values.redis.redisPort }}/0
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "funkwhale.fullname" .)) -}}
|
||||||
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -10,7 +12,11 @@ metadata:
|
||||||
data:
|
data:
|
||||||
CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }}
|
CACHE_URL: {{ include "funkwhale.redisUrl" . | b64enc }}
|
||||||
DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }}
|
DATABASE_URL: {{ include "funkwhale.dbUrl" . | b64enc }}
|
||||||
DJANGO_SECRET_KEY: {{ .Values.djangoSecret | b64enc }}
|
{{ if $secret -}}
|
||||||
|
DJANGO_SECRET_KEY: {{ $secret.data.DJANGO_SECRET_KEY }}
|
||||||
|
{{ else -}}
|
||||||
|
DJANGO_SECRET_KEY: {{ (default uuidv4 .Values.djangoSecret) | b64enc }}
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
{{- range $key, $val := .Values.extraSecret }}
|
{{- range $key, $val := .Values.extraSecret }}
|
||||||
{{ $key }}: {{ $val | b64enc }}
|
{{ $key }}: {{ $val | b64enc }}
|
||||||
|
|
|
@ -47,6 +47,14 @@ database:
|
||||||
database: funkwhale
|
database: funkwhale
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
|
# If you already have a Redis service you'd like to use, set
|
||||||
|
# this to false and adjust the host to use your existing service.
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
host: ''
|
||||||
|
redisPort: 6379
|
||||||
|
password: ''
|
||||||
|
|
||||||
cluster:
|
cluster:
|
||||||
enabled: false
|
enabled: false
|
||||||
master:
|
master:
|
||||||
|
@ -55,9 +63,6 @@ redis:
|
||||||
slave:
|
slave:
|
||||||
persistence:
|
persistence:
|
||||||
enabled: false
|
enabled: false
|
||||||
password: funkwhale
|
|
||||||
redisPort: 6379
|
|
||||||
# host: {{ template "funkwhale.fullname" . }}-redis-master
|
|
||||||
|
|
||||||
djangoSecret: ''
|
djangoSecret: ''
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue